Hi. Welcome to Ingram Micro.

Please choose your role, so we can direct you to what you’re looking for.

If you’d like to learn more about Ingram Micro global initiatives and operations, visit ingrammicro.com.

Expert Spotlight: Your Top EMV Questions Answered

July 16, 2017

Expert Spotlight: Your Top EMV Questions Answered

With October quickly approaching, the EMV transition is beginning to get more and more attention, and with that, comes many questions. We've reached out to two of our DC/POS Senior Market Development Specialists, Jeremiah Shea and Stephen Bochniarz, to answer some of the most frequently asked EMV questions surrounding the transition. Here are their responses.

1. What are EMV cards?

Jeremiah Shea: EMV cards are a new type of payment card that people should already, or soon be, receiving. The difference between these cards versus the current standard black stripe card is that EMV cards have a computer chip in them, basically making them much more difficult to duplicate. They work in a similar fashion to the older cards, but randomize a portion of your information as it's being processed. In comparison, the black stripe cards send the same information at every transaction, thus making it easy for a criminal to steal and duplicate your card.

Stephen Bochniarz: A simple example to show how they work would be similar to how you perform a transaction at an ATM. You insert the card, enter the PIN, wait for the approval/decline, and the order processes. You then remove the card, collect the receipt, and that's the end of the transaction.

2. Why are EMV cards safer?

JS: They’re safer in card-present situations because your data changes every time you swipe. When the data doesn’t change, like the way it does with a black stripe card, a criminal can capture your card information, replicate your card, and perform fraudulent transactions or sell it on the black market. Additionally, EMV cards in some cases will require a PIN number, thus adding another layer of protection.

SB: The data on the card is no longer static. Each transaction gets a one-time approval code. Also, the microchip helps card activity communication.

3. What does the term ‘liability shift’ mean?

JS: Previously, when fraudulent activity happened at a store, all of the entities involved—the store, the payment processor, and the card company—had to share in that cost. Once the liability shift happens in October 2015, whichever entity is not doing their part in supporting EMV will be 100 percent responsible to pay the cost back. The impact to merchants has the potential to be substantial. If the store is hit with fraud and they don’t have the updated terminals, they could be on the hook for thousands or more. And even if you want to roll the dice, the credit card companies a merchant supports could raise their processing fees when using non-EMV cards, essentially taking more money from each and every transaction.

SB: “Liability shift” simply means that the issuers (Visa, MC, AMEX) are going to push more of the bad debts (fraud) down to the merchants or the least-compliant piece of the transaction flow. The cost of the cards with the microchip finally are less than dealing with the debt, so in return for producing hundreds of millions of new cards, the issuer is pushing the responsibility further down the process flow.

Merchants are now more exposed to being held liable to fraudulent transactions. If they do not take the necessary steps to supporting EMV cards in way of hardware, as well as having PCI standards in place to help transmit the data, they can assume more risk than ever and could potentially ruin a business.

4. Are EMV card readers expensive?

JS: They certainly can be because, like anything, there are some amazing readers out there that offer a lot of extra functionality such as digital signage right at checkout, color screens, and more. That being said, for a small-to-medium business (SMB) owner who is already struggling to come up with money for this investment, there are certainly some affordable options that will allow for the transition and justify making the investment early.

SB: There are devices available that fit into all price ranges; the question is what features do you want to support. Because you are looking to upgrade, this would be the time to consider future applications that you might want to tap into such as the mobile wallet (Apple Pay, Google Wallet, and so on). Adapting to the mobile wallet expands your ability to accept payments, and this feature could truly pay for itself much faster than you might expect.

5. Why should I take the time to transition?

JS: There are criminals constantly working at obtaining card data. With the United States being the last major country to transition, we are being targeted more than ever. If Home Depot, Target, and other big stores can successfully be attacked, merchants in lower tiers are even more susceptible. Once Tier 1 merchants protect their systems and upgrade to EMV, those same criminals are going to set their sights on the smaller stores whose doors are still open.

SB: Do not assume more liability risks. Stay out of harm's way from your ability to process payments from different issuers such as Visa, MC, and AMEX. If you don't take time to make the transition, you risk increased liability of processing a fraudulent transaction, which in turn could leave you at risk to settle the debt. You'll have limited support if something goes wrong because issuers will hold the weakest link or links responsible. You'll face increased audits that could lead to increase transaction rates, and you could potentially lose the ability to process certain cards such as a Visa or MC. Most importantly, can you afford or recover from being impacted from a fraudulent event?

6. I’m an SMB, so I don’t need to make the transition, correct?

JS: No, that is not correct. Though there might not be any “fines” or “penalties” associated with noncompliance, there will certainly be consequences that could immediately impact your bottom line. Between rising transaction rates and the potential of being a target of a fraud attack, SMBs are just as vulnerable as anywhere that takes a payment.

SB: Anyone that accepts a card transaction must seriously look at enabling themselves to accept smart cards. There are devices that are low cost, could keep you protected, and allow you to keep your business flowing. Since the U.S. is adopting Chip and Signature, there are more solutions available out there than if we were jumping right into Chip and PIN. Chip and PIN is preferred, and the changeover will take time, but if you transition as the U.S. transitions, you will be in a far better place than if you just turn your back to the transition. Also, you can add some great abilities such as Apple Pay to help your business grow its ability to expand how your customers pay. There are numerous solutions out there, even full POS systems that are cloud-based or meant for the SMB, that allow flexibility in which you can get full, bundled solutions that have the EMV-ready device with integrated software. Many of these can be purchased as a monthly service option, which could lead to lower initial costs but still have protection in the event of a fraud mishap.

7. What if my customers don’t have EMV cards? Will I still be able to process their transactions?

JS: Yes. Any merchant that upgrades to a newer EMV-compliant payment terminal will be able to process both EMV and traditional black stripe cards. The overall transition will take awhile, so the payment terminals will support both types for quite some time knowing that some card companies may not support the upgrade right away.

SB: Yes, these devices will support the magstripe. The early EMV cards being distributed in the U.S. will have both the chip and stripe. The card can detect the device that is being used. If the device is EMV-ready, then it will make you process the transaction as an EMV transaction; if you have an EMV device but the customer just has a traditional card, the device can detect that the chip is not there and will process the transaction. The transaction is basically logged, and if the card was fraudulent, the policies in place today would follow suit as you did all you could to enable and offer a secure transaction. The device will default the card to support the highest level of secure transaction enabled on the card.

8. If I have more questions about the EMV Transition, where can I find help?

JS: Ingram Micro is the source for any and all help related to EMV, PCI, and payments in general. We have a Payments Program that can be leveraged and allows resellers to pick and choose what aspects of rolling a payment solution out that they need—from PCI compliance testing, to key injection services, to asset disposal, and more!

SB: You can also contact us directly (our information is below)! Or at the very least, contact your sales reps and have them reach out to either one of us. We have many resources available to help guide you through every step of the process, from assessments to audits, hardware, deployment, and even disposal of the old equipment. The promise of technology starts with Ingram Micro, and we are here to guide you through the transition.  

Hope this helps! What other questions do you have about EMV?

Contact the Experts

Stephen Bochniarz
DC/POS Senior Market Development Specialist
Phone: +1-800-456-8000 ext. 67366
Email: stephen.bochniarz@ingrammicro.com

Jeremiah Shea
DC/POS Senior Market Development Specialist
Phone: 1-800-456-8000 ext 64810
Email: jeremiah.shea@ingrammicro.com